Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Chevron issued an industry alert to other
Bay Area, California refineries after it found that routine safety inspections
failed to uncover corrosion that contributed to a fiery accident at its
Richmond refinery. – KGO 7 San Francisco

1.
September 26, KGO 7 San Francisco –
(California) Chevron issues warning to Bay Area refineries. Chevron
issued a big word of warning to other Bay Area, California refineries after the
company found that routine safety inspections failed to uncover the corrosion
that contributed to last month’s fiery accident at its Richmond, California
refinery. September 26 Chevron sent an industry alert. It said, ―We know a
section of the pipe failed. We are pretty sure we know why it failed. While we
inspected several sections of the 200-foot long pipe, we did not inspect all
sections. This is what we are doing now, and this is what we think other
refineries should do too.‖ A Chevron spokesman added, ―What we have done is
enhanced our inspection program to try and prevent something like this from
happening again. And today we are sharing what we’ve learned, even though our
investigation is ongoing, with other companies so that they can take any
effective action they might need to try and prevent something similar from
happening.‖ The section of the pipe that failed, contributing to the August
fire, had a thinning pipe issue called sulfidation corrosion. Several things
have to happen for this problem to occur — the temperature inside a pipe with
sulfur compounds must exceed 450 degrees Fahrenheit and the pipe must be made of
carbon steel with low silicon. The section of the pipe in question has been
taken away to be analyzed and tested. According to Chevron, the complete
results may not be known for some time. Source: http://abclocal.go.com/kgo/story?section=news/local/east_bay&id=8826440

• The U.S. Air Force is implementing a new
oxygen concentration schedule for Lockheed Martin F-22 Raptor’s on-board oxygen
generation system to address breathing issues that have afflicted F-22 pilots
for years. – Flightglobal.com

8.
September 25, Flightglobal.com –
(National) USAF working on ‘non-minor fix’ for F-22 oxygen problem. The
U.S. Air Force (USAF) is working to modify the Lockheed Martin F-22 Raptor’s
on-board oxygen generation system (OBOGS) with a new oxygen concentration
schedule, Flightglobal.com reported September 25. ―The program office is in the
process of implementing a change to the OBOGS concentration control schedule,‖
the USAF said. The modified schedule is designed to reduce the concentration of
oxygen reaching the pilot’s lungs at lower cockpit altitudes. The high
concentration of oxygen was identified (along with high g-forces) as the cause
of acceleration atelectasis, a condition where air sacs in the pilot’s lungs
collapse. It is the formal medical term for the so-called ―Raptor cough‖ that
has afflicted F-22 pilots. Acceleration atelectasis was identified as a
contributing factor to a series of physiological incidents that have plagued
the USAF’s F-22 fleet from as far back as 2008. The main culprit, however,
according to the the USAF, was a faulty valve in the Combat Edge upper-pressure
garment. At present, the USAF is trying to figure out the best way to implement
the modification to the digital OBOGS found on most of its F-22s. ―The change
is not minor,‖ the USAF said. ―In addition to the concentration schedule
change, the warning band needs to be modified to accommodate the new schedule.
In order to change the warning band, other features need to be incorporated,
such as an automatic back-up oxygen system.‖ The USAF is implementing the
change now, after it rejected a similar modification proposed in 2005 due to
cost reasons. Source: http://www.flightglobal.com/news/articles/usaf-working-on-non-minor-fix-for-f-22-oxygen-problem-376903/

• U.S. Bank’s Web site was disrupted September
26 in a distributed denial of service attack, launched by a group of
hacktivists who have claimed responsibility for similar cyberattacks against
four other U.S. banks. – CSO Online

11. September
27, CSO Online – (International) Hacktivists strike U.S. Bank with
volunteer-powered DDoS. U.S. Bank’s Web site was disrupted September 26 in
a people-powered distributed denial of service (DDoS) attack, launched by a
group of hacktivists who have claimed responsibility for similar cyberattacks
against four other banks in the United States, CSO Online reported September
27. The attack involved hundreds of thousands of computers sending an
overwhelming number of requests that downed the site for roughly an hour,
according to a security researcher at FireEye. The disruption of U.S. Bank’s
Web site came 1 day after a similar attack against Wells Fargo & Co. The
group has taken credit for other attacks that occurred the week of September
17, against Bank of America, JPMorgan Chase, and Citigroup. A representative of
U.S. Bancorp, which operates as U.S. Bank, confirmed it was under attack and
experiencing disruptions. Rather than launch the attack from a network of
compromised machines, called a botnet, the attackers are apparently using
volunteers, the FireEye researcher said. Participants go to either one of two
file-sharing sites and download a program written in a scripting language. Once
the program is running, a person only has to click on a ―start attack‖ button
to send continuous requests to the target’s Web site. This method makes it more
difficult for authorities to stop the attack, because there are no control
servers. The group had said on a Pastebin post that it would attack Wells Fargo
September 25, U.S. Bank September 26, and PNC Financial Services Group
September 27. Source: http://www.pcadvisor.co.uk/news/security/3400907/hacktivists-strike-us-bank-with-volunteer-powered-ddos/

• A man was arrested for acting as an agent
for chiropractic clinics and an injury hotline and paying a Florida hospital
employee to illegally access patient data, according to federal authorities. – Orlando
Sentinel

25. September
26, Orlando Sentinel – (Florida) FBI: Man paid hospital employee for patient data. The
Orlando Sentinel reported September 26 that federal authorities said a central
Florida man who acted as an agent for chiropractic clinics and a injury hotline
paid a Florida hospital employee to illegally access patient data; he was
recently arrested on a federal count of disclosure of prohibited information.
Agents earlier arrested a suspected co-defendant in the case who used to work
in the emergency department at Florida Hospital’s Celebration branch. The
co-defendant was fired in July 2011 after officials learned he accessed the
medical records of a Florida Hospital doctor fatally shot in a hospital parking
garage in 2011. Officials then discovered he inappropriately reviewed 12,000
patient records in detail. After the co-defendant reviewed a patient’s data, he
called the central Florida agent for chiropractic clinics, who would then call
someone else who eventually called patients. Some patients began receiving
phone calls within a week of their hospital visit from someone who offered them
a lawyer or chiropractor referral. Investigators linked the two through
telephone records and money payments. Source: http://articles.orlandosentinel.com/2012-09-26/news/os-florida-hospital-records-arrest-20120926_1_patient-records-hospital-employee-medical-records

• A Phoenix filmmaker was arrested for
allegedly videotaping his nephew dressed in a sheet while pointing a fake
grenade launcher at passing cars to test police-response time. – ABC News

33.
September 26, ABC News – (Arizona) Phoenix
filmmaker arrested after allegedly staging terrorist hoax to test police
response time. A Phoenix filmmaker was arrested for allegedly videotaping
his nephew dressed in a sheet while pointing a fake grenade launcher at passing
cars in an apparent terrorist hoax to test police-response time after the
Aurora, Colorado, movie theater massacre, authorities said September 26. Police
arrested the man September 24 after a nearly 2-month investigation. The
filmmaker faces charges of knowingly giving a false impression of a terrorist
act, endangerment, and contributing to the delinquency of his minor nephew, 16.
Police said they responded 1 minute after they first received calls, but the
video, which the man allegedly filmed July 28 and then posted on YouTube,
apparently shows the fake terrorist roaming around a busy intersection for 15
minutes. ―They told us they were just making a movie,‖ said a Phoenix Police
Department spokesman, adding that there was no arrest that day. The man
apparently posted the video on YouTube 2 days after filming. He called it ―Dark
Knight Shooting Response, Rocket Launcher Police Test.‖ The police spokesman
said authorities became aware of the video a few weeks after they were called
to the scene. Source: http://abcnews.go.com/US/phoenix-filmmaker-arrested-allegedly-staging-terrorist-hoax-test/story?id=17328758#.UGRiIJg81CY

Details

Banking and Finance Sector

10. September
27, Tampa Bay Times – (Florida) Identity thieves redirecting Social Security
checks. A Social Security Administration (SSA) Inspector General (IG) told
members of Congress in September of a ―recent rash‖ of fraudulent activity
which he described as a ―serious issue facing SSA.‖ Fifty times a day, Social
Security’s Office of the Inspector General got a report of an unauthorized
change or attempted change to a direct deposit routing number, often resulting
in a missed payment. The agency began tracking potential fraud reports in
October 2011 and has logged 19,000, the IG said in a written statement to a
House subcommittee on Social Security. Most victims had given out, or lost personal
data to identity scammers. The payments then had their routing numbers altered.
The IG’s statement described a need for better identity verification procedures
in field offices, call centers, and at financial institutions. He focused on
institutions that issue prepaid debit cards. People who receive Social Security
benefits sometimes choose to have the money deposited on reloadable cards,
purchased at retailers or online. The IG called the cards ―particularly
tempting tools for benefit thieves.‖ Using reloadable cards was a lesson
already learned by the Internal Revenue Service. Thieves often use prepaid
debit cards to collect fraudulent tax refunds. The special agent in charge of
the Secret Service’s Tampa office said Social Security check diversion could be
the next wave of government fraud. Source: http://www.tampabay.com/news/publicsafety/crime/identity-thieves-redirecting-social-security-checks/1253598

11. September
27, CSO Online – (International) Hacktivists strike U.S. Bank with
volunteer-powered DDoS. U.S. Bank’s Web site was disrupted September 26 in
a people-powered distributed denial of service (DDoS) attack, launched by a
group of hacktivists who have claimed responsibility for similar cyberattacks
against four other banks in the United States, CSO Online reported September
27. The attack involved hundreds of thousands of computers sending an
overwhelming number of requests that downed the site for roughly an hour,
according to a security researcher at FireEye. The disruption of U.S. Bank’s Web
site came 1 day after a similar attack against Wells Fargo & Co. The group
has taken credit for other attacks that occurred the week of September 17,
against Bank of America, JPMorgan Chase, and Citigroup. A representative of
U.S. Bancorp, which operates as U.S. Bank, confirmed it was under attack and
experiencing disruptions. Rather than launch the attack from a network of
compromised machines, called a botnet, the attackers are apparently using
volunteers, the FireEye researcher said. Participants go to either one of two
file-sharing sites and download a program written in a scripting language. Once
the program is running, a person only has to click on a ―start attack‖ button
to send continuous requests to the target’s Web site. This method makes it more
difficult for authorities to stop the attack, because there are no control
servers. The group had said on a Pastebin post that it would attack Wells Fargo
September 25, U.S. Bank September 26, and PNC Financial Services Group
September 27. Source: http://www.pcadvisor.co.uk/news/security/3400907/hacktivists-strike-us-bank-with-volunteer-powered-ddos/

12. September
26, Federal Bureau of Investigation – (Ohio) Former Fifth Third
Bank employee indicted in $12 million fraud scheme. A 44-count indictment
was filed September 26 against a loan officer/vice president related to a
scheme that resulted in the loss of $12 million while she was employed at a
Fifth Third Bank in Toledo, Ohio. The loan officer and vice president falsified
documents and submitted them to bank officials to obtain credit approval for
large commercial loans that would have otherwise been declined, according to
the indictment. In conjunction with these loans, she solicited and accepted a
gratuity payment from the borrowers. She then attempted to conceal these funds
by creating a fake consulting business under which she invoiced borrowers for
services not performed and accepted the gratuities, according to the
indictment. As a result of defaults upon these loans, the Fifth Third Bank of
Toledo, Ohio, suffered a loss of approximately $12 million. Source: http://www.loansafe.org/former-fifth-third-bank-employee-indicted-in-12-million-fraud-scheme

13. September
26, Colorado Springs Gazette – (Colorado) Springs
businessman indicted on fraud, racketeering charges. A Colorado Springs man
was indicted by a Denver grand jury on 20 counts of securities fraud,
conspiracy to commit securities fraud, and racketeering for allegedly using
$8.5 million raised from 19 investors for his personal expenses and other
businesses, the Colorado Springs Gazette reported September 26. An arrest
warrant was issued for the man, who remains at large. The indictment alleges
the man promoted vacation home investments between 2006 and 2011 through his
company, called Continental Resort Homes, but instead of buying vacation homes
he spent the money. He also allegedly overstated the assets, capital
contributions, and number of investors in Continental Resort Homes and
understated the company’s debts on its balance sheet, and allegedly lied to
investors about the company owning two properties in which it had no ownership
stake. The 19 investors are unlikely to recover their money since the company
had no assets as of September 26, the date the indictment was handed down.
Source: http://www.gazette.com/articles/wellens-145132-securities-fraud.html

Information Technology Sector

34.
September 25, IDG News Service –
(International) Symantec: Leaked Norton Utilities 2006 source code already
published months ago. Hackers associated with the Anonymous hacktivist
collective published the source code files for Symantec’s Norton Utilities 2006
product on The Pirate Bay BitTorrent Web site September 24, but according to
the security vendor the same files were released in January. The Pirate Bay
torrent was accompanied by a message in which the hackers referred to Symantec
as ―the worst security vendor on planet Earth‖ and hinted that the release is
not the result of a new security breach. Source: http://www.pcworld.com/article/2010584/symantec-leaked-norton-utilities-2006-source-code-already-published-months-ago.html

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"